Phishing sites are sites that attackers disguise as legitimate websites with the intent to steal user information, especially the credentials that provide access to your network. When a phishing email enters a network, it takes just a single user to click a link and enter credentials to set a breach into motion. You can detect and prevent in-progress phishing attacks, thereby preventing credential theft, by controlling sites to which users can submit corporate credentials based on the site’s URL category. This allows you to block users from submitting credentials to untrusted sites while allowing credential submissions to corporate and sanctioned sites.

Credential phishing prevention works by scanning username and password submissions to websites and comparing those submissions against valid corporate credentials. You can choose what websites you want to either allow or block corporate credential submissions to based on the URL category of the website. When a user attempts to submit credentials to a site in a category you have restricted, either a block response page prevents the user from submitting credentials or a continue page warns users against submitting credentials to sites in certain URL categories, but still allows them to continue with the submission. You can customize response pages to educate users against reusing corporate credentials, even on legitimate, non-phishing sites.

The following topics describe different credential detection methods you can choose and provide instructions for configuring credential phishing protection.